Who we are
We are Bayesian Energy Limited, a company registered in England and Wales under company number 13876917, with our registered office at Senna Building, Gorsuch Place, London, United Kingdom, E2 8JF. In this Privacy Policy we refer to ourselves as “Bayesian Energy”, “Bayesian”, “we”, “us”, or “our”. We take the privacy of your personal data seriously and are committed to handling it responsibly.
Bayesian is the data controller responsible for the personal data processed through our platform and in connection with the Services, and we own the intellectual property in our products.
Under our standard terms, we are a controller of your personal data rather than a processor acting on a customer’s behalf. If a customer needs us to handle data specifically as their processor, that is dealt with separately under a dedicated data processing agreement.
If you have any questions about this Privacy Policy or how we handle personal data, you can reach us at contact@bayesian.energy.
Interpretation
Where this Privacy Policy refers to “applicable data protection law”, we mean the privacy and data protection laws that govern how we handle your personal data. For us, this is the UK GDPR and the Data Protection Act 2018.
Terms such as “UK GDPR”, “controller”, “processor”, “personal data”, “processing”, and “data subject” carry the meanings set out in applicable data protection law.
When we say “you” or “your”, we mean the person whose personal data we are handling. References to Bayesian are to Bayesian Energy Limited acting as the data controller.
This Privacy Policy covers the personal data we handle when you, among other things:
- browse a website of ours that points to this policy;
- interact with our official social media accounts;
- come to our offices;
- contact us, or hear from us, whether by email, phone, or text;
- use our products and services — including our software and our consulting, implementation, and advisory work — in situations where we act as a controller of your data;
- sign up for or join one of our webinars;
- supply goods or services to us, or work for an organisation that does, where we act as a controller of your data;
- work for one of our customers and have your details passed to us as a controller, for instance while a contract is being put in place; or
- take part in a survey or similar exercise we run.
Throughout this policy, we refer to these activities collectively as the “Services”.
Our websites and services may link out to sites, apps, and platforms run by other organisations. Those third parties handle your data under their own privacy notices, and we’d encourage you to read them separately.
What personal data do we collect?
When you deal with us directly, the personal data we collect tends to fall into a few broad categories: information that identifies you, details about your role or employer, commercial information, and information about how you use our websites and services. The table below sets out the main situations in which we collect data and what we typically gather in each case.
| When this happens | What we usually collect |
|---|---|
| You ask about our services, get in touch through our contact features, request support, set up an account or sign up for updates, register for a webinar, use our products and services, download something from us, or have your details shared with us because you work for one of our customers | Contact details such as your name, job title, employer, address, phone number, and email address, along with any account login details and anything else you choose to tell us |
| You register for or attend one of our webinars | Registration details, which may include your name, job title, employer, location, phone number, and email address |
| You visit our websites or open our emails | Technical and usage information about your device and how you interact with us — for example IP addresses and similar identifiers — gathered through cookies, web beacons, and comparable technologies |
| You use our products and services | Information about your device and how you use the services, captured through log files and similar technologies |
| You send us information of your own accord, such as by filling in a survey or questionnaire | Whatever information you provide as part of that |
| You are a supplier or service provider to Bayesian, or work for one | Contact details and, where relevant, billing and payment information |
We may also obtain information about you from other sources, including partners who supply publicly available data that can include personal data. Where we do, we may combine it with the information you have given us directly.
If we obtain your personal data from a third party rather than from you, we will give you the relevant privacy information when we first get in touch, as required under applicable data protection law.
Why do we process your personal data?
We only use your personal data where we have a proper reason to do so. The table below sets out the purposes for which we process personal data and the legal basis we rely on for each.
| Purpose | What this involves | Legal basis |
|---|---|---|
| Running our websites | Operating and administering our websites and delivering the content you ask for | Our legitimate interest in making online content available to customers and prospective customers |
| Improving our websites | Looking at how our websites are used so we can understand trends and improve the experience | Our legitimate interest in running a useful, well-functioning website |
| Keeping our websites secure | Monitoring how our websites are used and looking into unusual activity | Our legitimate interest in keeping our websites safe and protecting our rights and those of others |
| Managing webinar sign-ups and attendance | Organising and running webinars you have registered for | Performance of a contract or, where needed, your explicit consent |
| Communicating with you | Sending you marketing, product suggestions, and other non-transactional updates about us, our services, and our partners | Our legitimate interest in direct marketing, or your prior consent (see “Marketing” below) |
| Handling enquiries and support | Responding when you complete a contact form, ask for support, or otherwise reach out to us | Necessary to perform a contract, or our legitimate interest in dealing with your request |
| Delivering our services | Providing the services you have signed up for and meeting our obligations under the applicable terms | Necessary to perform a contract, or our legitimate interest in providing and administering our services |
| Developing and improving our services | Building out, refining, and improving how our services perform | Our legitimate interest in developing services that meet customer needs |
| Managing accounts | Administering customer and user accounts, including billing, correspondence, and managing our relationship with you | Necessary to perform a contract, or our legitimate interest in managing customer accounts |
| Checking usage and licensing | Reviewing usage to confirm it is consistent with the applicable terms of service | Necessary to perform a contract, or our legitimate interest in managing how our services are used |
| Internal reporting and modelling | Using data, including usage data, for internal reporting and business planning | Our legitimate interest in running and managing our business |
| Protecting our own security | Keeping Bayesian secure, including spotting, preventing, and investigating suspicious activity, fraud, and cybercrime | Our legitimate interest in keeping Bayesian secure and protecting our rights and those of others |
| Aggregating and anonymising data | Combining and anonymising data, including usage data, so it no longer identifies you | Our legitimate interest in reducing the amount of personal data we hold |
| Processing payments | Where you give us financial details, checking them and taking payment as needed to complete a transaction | Necessary to perform a contract |
Convexity AI inputs
Convexity AI is our agentic AI feature for energy and power systems modelling, available in our desktop apps and on the web. Rather than running its own model, it passes your request to a third-party AI provider that generates the response or carries out the task. Using it is entirely optional: you choose which provider to use — Claude (Anthropic) is the default, alongside Gemini (Google) and Kimi (Moonshot AI).
Your input is shared with a provider only to produce that response, and is handled under that provider’s own terms and privacy policy. Some providers are based outside the UK; see “International data transfers” below. Convexity AI does not need any personal data to work, and we ask that you do not enter any into it. Where we retain inputs to run and improve the feature, and to detect and prevent misuse (see “Monitoring and preventing misuse” below), we rely on our legitimate interest in providing and protecting services that meet customer needs, anonymise them where we can, and keep them in line with “Data retention” below.
Marketing
From time to time we may get in touch to tell you about our services, and those of our affiliates and partners, where you have given us consent or where we have a legitimate interest in doing so. An example of the latter is where you are already a customer and we let you know about similar products or services, as permitted under the Privacy and Electronic Communications Regulations 2003. We do not use automated calls for marketing.
Where the law requires it, we will ask for your consent before sending you marketing. You can change your mind or opt out at any time, either by using the unsubscribe link included in each message or by emailing us at contact@bayesian.energy.
Cookies and similar technologies
We use cookies and similar technologies as you browse our websites and use our services. Cookies are small text files stored on your device that let certain features work. We use both session cookies, which last only while you are visiting, and persistent cookies, which stay on your device until they expire or you remove them.
You can control or delete cookies through your browser settings. Be aware that blocking some cookies may stop parts of our websites and services from working properly.
Cookies we use
On our public websites, we only use cookies that are necessary for them to function — for example to keep you signed in, manage your session, and provide security — and these are set through our authentication provider. Because they are essential, there is no opt-out for them, but we do not use them to track you for advertising or to build a profile of you.
Within our signed-in application, we use product analytics to understand how the application is used, to improve it, and to keep it secure. We have set this up so that it does not store non-essential tracking identifiers on your device. We explain it further under “Analytics” below.
We do not set advertising cookies, and we do not use cookies to personalise content or ads.
Analytics
On our public websites, we use a privacy-focused analytics tool to understand, in aggregate, how our sites are used so that we can measure and improve their performance. This tool does not use cookies and does not rely on persistent identifiers to track you across websites, so it runs without the need for your consent.
Within our Convexity application, once you have signed in, we use PostHog, a product-analytics platform, to understand how the application is used, to improve it, and to help keep it secure. This includes information such as the pages and features you use, the actions you take, and similar interaction data, recorded against your account.
We have configured this analytics so that it does not store tracking identifiers on your device; activity is recorded against your account rather than through cookies or similar storage on your device. We do not use session recordings. Because we are not storing non-essential information on your device for this, it does not rely on your consent; instead, we rely on our legitimate interests in understanding and improving our application and in keeping it secure (see “Monitoring and preventing misuse” below). You can object to this use of your data at any time by contacting us at contact@bayesian.energy.
PostHog is hosted in the European Union and, by default, does not capture your IP address.
Monitoring and preventing misuse
Particularly while our products are at an early stage, we keep records of how the application and Convexity AI are used, linked to the relevant account, so that we can detect, investigate, and prevent misuse. This includes activity such as attempts to extract sensitive information, abuse, fraud, or use that breaches our terms. Where we identify misuse, we may restrict or suspend access. We do this on the basis of our legitimate interests in protecting our services, our users, and our rights.
Device and usage data
When you visit our websites or use our services, we automatically receive certain technical information. Depending on the context this can include things like an account identifier, username, or email address; your IP address; device or browser details such as browser type and operating system; the pages and files you view and how you interact with our websites; and the dates and times of your activity. We may use this information, including on a per-account basis, to operate, secure, and improve our products and services.
How do we share your personal data?
We do not sell, rent, or trade your personal data. We do share it in a limited set of circumstances, set out below.
Service providers. We use trusted third parties to help us run our business and deliver our services, and we share personal data with them where they need it to do their job. This includes providers of IT, hosting, and infrastructure; authentication; product analytics (PostHog, which we use within our application as described under “Analytics” above, hosted in the European Union); customer support; and, where relevant, email delivery and payment processing. The AI model providers behind Convexity AI are described separately in the “Convexity AI inputs” section above.
Corporate transactions. If we are involved in a merger, acquisition, financing, or sale of all or part of our business, or in negotiations towards any of these, your personal data may be shared or transferred as part of that process.
Legal and regulatory requirements. We may disclose personal data to courts, regulators, government bodies, or law enforcement where we are required to do so by law or legal process, or where it is necessary to establish, exercise, or defend our legal rights.
Government and law enforcement requests
When we receive a request from a government, regulatory, or law enforcement authority for personal data, we review it before responding. We check that the request has a valid legal basis and that it is necessary and proportionate, and we disclose only the minimum personal data needed to comply. Where we consider a request to be invalid, overly broad, or unlawful, we may challenge or decline it. Where the law allows and it would not prejudice an investigation, we may let you know about a request that affects you.
International data transfers
We are based in the United Kingdom, but some of the providers we rely on are located in other countries. As a result, your personal data may be transferred to and processed outside the UK.
The clearest example is Convexity AI. If you choose to use it, your input is sent to the AI model provider you select, and those providers are based outside the UK — Anthropic and Google in the United States, and Moonshot AI in China. As explained in the “Convexity AI inputs” section above, we connect to them through a standard API, your input is handled under each provider’s own terms (including their arrangements for international transfers), and using these providers is entirely your choice.
The product-analytics platform we use within our application, PostHog, hosts its data in the European Union. Transfers from the UK to the European Economic Area are covered by the UK’s adequacy decision for the EEA, which recognises that it provides an equivalent level of data protection.
Where we transfer personal data outside the UK in other circumstances, we take steps to keep it protected — for example by relying on a UK adequacy decision for the destination country, or by putting an appropriate safeguard in place such as an International Data Transfer Agreement (IDTA) or the UK Addendum to the European Commission’s Standard Contractual Clauses. If you would like more information about how we protect personal data when it is transferred internationally, please contact us at contact@bayesian.energy.
Data retention
We keep personal data only for as long as we need it for the purposes we collected it for, taking into account our legal and regulatory obligations. As a general guide:
- account and contact information is kept for as long as you have a relationship with us, and for up to seven (7) years afterwards, to reflect statutory limitation periods under the Limitation Act 1980 and related obligations;
- financial and billing records are kept for at least six (6) years, in line with UK requirements; and
- usage and activity logs are kept for up to twenty-four (24) months.
Where the law requires us to keep personal data for longer, that obligation takes priority over the periods above. Once we no longer need personal data, we securely delete or anonymise it.
Security
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or misuse.
Your data subject rights
Under UK data protection law, you have a number of rights over the personal data we hold about you:
- Access: you can ask for a copy of the personal data we hold about you, along with details of how we use it;
- Rectification: you can ask us to correct personal data that is inaccurate or incomplete;
- Erasure: in certain circumstances, you can ask us to delete personal data we hold about you;
- Restriction: in certain circumstances, you can ask us to limit how we use your personal data;
- Portability: where it applies — for example, where we process your data by automated means on the basis of consent or a contract — you can ask us to provide it in a structured, commonly used, machine-readable format, or to send it to another controller;
- Objection: you can object to our processing of your personal data where we rely on legitimate interests. If you object to direct marketing, we will always stop — that right is absolute; and
- Automated decisions: you have the right not to be subject to decisions made solely by automated means that have a legal or similarly significant effect on you.
Where we rely on your consent to process your personal data, you can withdraw it at any time. Doing so does not affect any processing we carried out before you withdrew it.
To exercise any of these rights, please contact us at contact@bayesian.energy. We will respond within the time required by applicable data protection law and at no cost, unless your request is clearly unfounded or excessive, in which case we may charge a reasonable fee or decline to act on it.
Automated decision-making
We do not currently make decisions about you based solely on automated processing (including profiling) that produce legal or similarly significant effects. If this changes, we will update this Privacy Policy and put in place any safeguards required by applicable data protection law before we do so.
Supervisory authority
The Information Commissioner’s Office (the “ICO”) is the UK’s data protection regulator. If you have a concern about how we handle your personal data that we have not been able to resolve, you have the right to complain to the ICO at www.ico.org.uk. We would, of course, appreciate the chance to address your concerns first.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will take reasonable steps to let you know, for example by posting a notice on our website or contacting you directly. The updated version takes effect once it is posted, so we encourage you to check back from time to time. The date below shows when this policy was last updated.
Contact us
If you have any questions or concerns about this Privacy Policy or how we handle personal data, please get in touch:
Bayesian Energy Limited
Senna Building, Gorsuch Place
London, United Kingdom, E2 8JF
Email: contact@bayesian.energy
This Privacy Policy was last updated on 24 June 2026.